0

Since I can't afford buying a wildcard ssl, I want to purchase another ssl certificate for m.mysite.com, so mysite.com and www.mysite.com will have a different ssl certificate than m.mysite.com.

Will this create any complications if I host both mysite.com and m.mysite.com on the same server (same ip), or should I host m.mysite.com on a different ip for the ssl to work properly?

This is the server block I use to accept the requests on the 403 port:

#
# SITE SSL
#
server {

    listen       443 ssl;

    ssl_certificate /srv/ssl/mysite.com.crt;
    ssl_certificate_key /srv/ssl/mysite.com.key;

    #enables all versions of TLS, but not SSLv2 or 3 which are weak, deprecated.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #Disables all weak ciphers
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    ssl_prefer_server_ciphers on;

    server_name mysite.com www.mysite.com;
    error_log /var/www/mysite.com/public_html/error.log error;
    access_log off;

    location / {
        root   /var/www/mysite.com/public_html;
        index index.php  index.html index.htm;
        try_files $uri $uri/ /index.php;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /var/www/mysite.com/public_html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/mysite.com/public_html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /var/www/mysite.com/public_html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;
        include        fastcgi_params;
        try_files  $uri =404;
    }
}
bornie

2 Answers

3

This depends on the webserver you're using. Make sure it supports SNI (Server Name Indication) (which is the case on probably all relevant webservers) or use a reverse proxy like nginx or haproxy to handle the SSL/TLS connection and forward traffic to your internal server(s).

Daniel Nachtrub
0

If your server supports SNI, you will be able to install two SSL certificates on a single IP address. Otherwise you will need either a wildcard SSL certificate, or to move the subdomain to a different account, assign that account a different IP address (than the first [main domain] account) and install your SSL certificate. In the second case you will also have to edit the DNS zone for your domain.com and change the A record for the subdomain to point to the new dedicated IP address for the second account.

  • Nginx installation I have supports SNI. Thanks for your answer. I was thinking that, hosting my subdomain to a different vps. – bornie Mar 02 '16 at 16:28